The Basics Of Wireless Security

When browsing the web you are exposed to many vulnerabilities.  By virtue, the operating system you use is enough to expose personal information to any relatively technical individual.  Whether you are at your desk or in the comfort of your home, the information you transmit to and from the Internet is, by default, not secure.  Out of the box, the wireless router you install at home in minutes does not have security enabled.  Manufacturers feel as though adding default security creates a level of complexity that the average user doesn’t want to be bothered with.  Many individuals feel as though they don’t care about who’s watching until they make that first credit card purchase.

Many open source applications such as Wireshark were designed to be a network tool but have the ability to be much more.  A graphical interface with information sorting and filtering options allows packets to be captured whether wired or wireless.   Consequently making the information you transmit/receive available for others to view.

WiFi can be transmitted and/or received by so many different devices that the amount and type of data passing by us is remarkable.  From cell phones and gaming systems to desktop and laptop computers, packets of data are passing through the air at unimaginable rates.

When you go to the local computer superstore and purchase an access point or wireless router you’re often given misleading advice that give you a false sense of security.  Many of the commonly recommended wireless security tips aren’t actually all that useful and may even do more harm than good by giving you that false sense of security.

Too often, we catch a story about an individual being accused of possession of, or downloading, illegal material.  By having a wireless network unsecured or improperly secured, you become an open portal for the transmission of such material.  On top of that your network is leading the trail for authorities directly to you!

Why? How?

Your Internet Service Provider (ISP) assigns an IP address to you via the router they provided.  The destination or source IP address for the illegal material is simply captured as part of the packets being transmitted.  The authorities trace the IP address to the ISP who then traces the IP address to the one assigned to you.  By not having your network secure, you hold a level of responsibility for the type of data being transmitted to and from your router whether having the knowledge of it or not.  Hypothetically, someone can connect to your network without your knowledge and either download or transmit illegal material.  You’re thinking — The police will just see that I didn’t do it.  Very true, but only after your neighbors saw the police at your home/office seizing your PC and your name was published in the newspaper.  Did I mention a costly defense?

What can I do to secure my wireless network?

Don’t broadcast your SSID

The SSID (Service Set Identifier) is an identification that is broadcasted by a wireless router. Basically, it’s the router saying “I’m out here, this is my name, connect to me.”  Telling a router not to broadcast its SSID may prevent basic wireless access software from displaying the network as a connection option, but it does nothing to actually secure the network. Any time a user connects to a router, the SSID is broadcast in plaintext with that packets sent and received, regardless of whether or not encryption is enabled. SSID information can also be picked up by anyone listening to the network in passive mode.

Disable DHCP

DHCP or Dynamical Host Control Protocol is when an IP address is automatically assigned to your device.  Static IP addressing is when you manually assign an IP address to your device and giving you the ability to change your subnet.  Switching DHCP off and using static IP addressing is no defense against a potential hacker. Anyone sniffing the network can usually figure out the IP scheme that has been used to assign the IP addresses with the subnet range.

Filter MAC addresses

Each NIC card has a unique MAC address.  Theoretically, this sounds great as a wireless access points can be configured to accept or block specified MAC addresses. The problem with filtering by MAC address is that these addresses are easily detected by anyone using appropriate monitoring software like Wireshark.

Filtering MAC addresses is the only one with even a minimal level of value. MAC address filtering can keep a beginner hacker or neighbors from easily connecting and accessing your wireless network, but it won’t do much else. To keep more sophisticated intruders off of your network, you’ll have to use encryption in addition to MAC address filtering

Use Encryption

Even the routers you can purchase locally are capable of using encryption.  What ever encryption you use, your key phrase should consist of as many characters, symbols, and numbers as possible.  WPA is a good encryption method, followed by WPA2, WPA, WPA, and WEP. Generally, any router that supports WPA is good in terms of its overall security. WEP is an “only if you must” protocol, but it’s still a better option than transmitting without encryption.

What does this have to do with computer forensics?

New Jersey Legal posses the expertise to evaluate your network, whether wired or wireless and work with you to firmly secure it.  Often times, a company solicits themselves as having forensic experts on staff.   Without having extensive networking knowledge, the forensic expert will overlook data that may be vital to your case.  Don’t allow the smoking gun be left undiscovered!

No related posts.

Cyber-Bullying: How Cell Phone and Computer Forensics Help (Part 1)

Sally feels humiliated at lunch after tripping over an unfortunately placed backpack belonging to another student named Jenny. The more students in the lunchroom laugh at Sally, the more her humiliation turns into anger. She harbors that anger until the end of the school day and then goes home.  Once in her room, she sits down in front of a computer and begins her retaliatory “payback.”

Sally sets up an anonymous Yahoo email account and sends Jenny an email that starts as something like:

“Dear Jenny: We watched you eat lunch today and you’re really disgusting…”

While writing the email, Sally grows more and more upset as she thinks back to the classmates laughing at her in the lunchroom and sends an extended email to Jenny that is full of derogatory comments. The next day, Sally goes to school and tells one of her friends about the clever “payback” email. They both think it was funny and decide they’re not done.  That weekend, the two of them go to work building a new MySpace site devoted to torturing Jenny.

They call the new MySpace profile “Jenny is a worthless #&$%!” and pretty soon, a half-dozen of their classmates are joining in on the fun — all anonymously, of course.

“Jenny’s a fat, ugly…[many harsh expletives]. Even her friends don’t like her. Somebody should tell her just how much we hate her and the world would be a better place without her.”

When Jenny finds out about the MySpace site, she is shocked. She had no idea somebody – anybody — hated her.

Jenny tells herself to just ignore it and hopes that it will go away, but down deep, she’s devastated. She doesn’t say anything about it to her parents or her friends. It’s too embarrassing. Every day, she sinks a little lower until, finally, her parents ask her if something’s wrong!  They begin to worry about the changes in her behavior…

It’s called cyber-bullying!  It’s becoming more common than ever and can be found in middle schools, high schools, colleges and even work places across the country. It’s spreading like a virus, which is why school districts all over the country are starting to – and those which haven’t, need to — institute programs and policies to deal with it.

Thousands, if not millions, of children across the country have been affected to the point where they have dropped out of school, required treatment for depression or even killed themselves as a result of this new and, unfortunately, very effective form of psychological assault.

According to a two-year-old study by the National Council on Crime Prevention, 43 percent of teens surveyed have been victims of cyber-bullying. A full three out of four children (yes, 75%!) have visited a Web site bashing another child and some 81 percent of teens say their peers engage in this sort of thing because “they think it’s funny.”

Studies like this have become quite common. Here are some stats:

• When teens were asked why they think others cyberbully, 81 percent  said that cyberbullies think it’s funny.
• Of 350 college students surveyed in Virginia and Illinois, she said, about 60 percent said they had experienced cyber-bullying.
• Forty-four percent of the boys say that they’ve seen sexual images of girls in their school, and about 15 percent of them are disseminating those images when they break up with the girls.
• Nichols said that 42 percent of children with access to the Internet report seeing online inappropriate, abusive or untrue information regarding someone they know, but only 10 percent ever tell a parent.
• According to a recent study, 20 percent of 13- to 19-year-olds have electronically posted or sent naked or semi-naked photos of themselves.
• Bullying is widespread, with nearly one-third of all students are involved in an incident each year, experts say. The effect on victims can be severe, ranging from academic failure and physical injuries to depression and even suicide. As for bullies, 60 percent of them have a criminal conviction by age 24, national statistics show.

The most famous involved a girl named Megan Meier, a Missouri girl who killed herself after being told, “The world would be a better place without you,” by a boy Megan fell in love with named Josh Evans.

It turned out though, that Josh Evans never existed. Josh was invented by a woman named Lori Drew, the mother of a former friend of Megan’s. Drew reportedly created Josh to gain Megan’s trust and affection with the ultimate goal of crushing her emotionally.  Clearly, Lori Drew got what she wanted.

Schools can only do so much, it’s really up to parents to know whether their children are involved in cyber-bullying. Statistics show only one child in 10 tells an adult when they are being targeted. That means 90 percent of our children are either suffering in silence or trying to deal with the harassment themselves.

As parents, we know that growing up is full of obstacles and is challenging enough with out having to also deal with cyber jerks! Parents are trying to keep track of what their children are being exposed to, but it is very difficult as peers can attack 24/7.  Unfortunately there is no manual for managing technology for your children, just as there is no manual for perfect parenting.

Talk to your child and find out if they, or someone they know, have ever been involved in cyber-bullying. Together, discuss cyber-bullying and give your children a better way of handling these difficulties, rather than leaving them to rely on coping through text messages, emails, IMs or social networks. Simply letting them know you are aware of cyber-bullying is the first step to keeping an open line of communication if there is an incident.

If you need help getting started, please feel free to give New Jersey Legal a call.  We are called on frequently to analyze and download information from hand held devices, like cell phones, iPhones, and BlackBerry phones, as well as computers in order to help parents and/or counselors begin the process of dealing with issues like cyber-bullying. We can be reached by phone at (856) 910-0202 or by email at info@njlc.net.

We’re working with parents and counselors to help them make educated and informed decisions in handling cases of cyber-bullying. Check back soon for part two to see how we’re doing that.

Related posts:

1. Cyber-Bullying: How Cell Phone and Computer Forensics Help (Part 2)
   Last week we posted an update talking about the epidemic of cyber-bullying. Largely based upon psychological assault, cyber-bullying has been spreading through our school systems rapidly. The impact on......
2. Captain Forensics Fights Cyber-Bullying
   Last week we put up a post on cyber-bullying. This is a terrible trend impacting children around the world in very serious, and even deadly, ways. While our blog......
3. What’s inside your child’s cell phone? (Part 2)
   A follow up to ‘Cell Phones for Children – A “Catch 22”?‘ Some of you may remember “Joe” from our last blog post and his experience with cell phone......
4. Cell Phones for Children – A “Catch-22”?
   Most parents buy cell phones for their children so they can just be a phone call away. But just a phone call away from whom? Actual New Jersey Legal......